oauth-flow-architect
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational resource providing secure templates for OAuth 2.0 and OIDC implementations.
- [SAFE]: Explicitly implements PKCE (Proof Key for Code Exchange) using SHA256 hashing to mitigate authorization code injection risks.
- [SAFE]: Demonstrates secure CSRF protection by generating and validating cryptographically random state parameters for all authorization redirects.
- [SAFE]: Provides comprehensive guidance on strict redirect URI validation, including protocol checks (HTTPS) and exact match requirements.
- [SAFE]: Includes implementations for secure token storage using Fernet symmetric encryption for at-rest protection and HttpOnly cookies for web sessions.
- [SAFE]: All external provider configurations (Google, GitHub, Microsoft, Apple, Facebook, etc.) target official and trusted authentication endpoints.
Audit Metadata